I am having issues with using Manjaro Linux on my HP Envy x360. More precisely, it just won’t let me boot from the USB flash drive. When I turn on my laptop, then press ESC, then F9, and choose the device, an error comes up saying “Selected boot image did not Authenticate. Press <Enter> to Continue.”
Steps I’ve tried:
Updating my BIOS (downloading an .exe from the official HP driver webpage)
Turning off Secure Boot in BIOS
Trying to turn on legacy mode (wasnt able to do that; my BIOS didnt have this option, even after updating it)
I am using WI-FI,
The desktop environment of Manjaro is GNOME,
I am using a Samsung USB flash drive with 32Gb storage,
I tried to flash Manjaro Linux with both balenaEtcher and Rufus,
I was able to boot Ubuntu Linux.
I read somewhere that BIOS doesn’t let me to boot images that don’t have a Microsoft signature, but how did Ubuntu work if it’s a Linux distro?
This is only true if Secure Boot is enabled. However, if the laptops’s UEFI ─ note: it is not a BIOS ─ has authentication keys from Microsoft stored in its non-volatile memory, then you will need to delete those authentication keys before you can disable Secure Boot.
Ubuntu has chosen to support Secure Boot by inserting a shim ─ effectively a Microsoft-certified authentication token, for which Canonical had to pay a one-time fee to Microsoft ─ between the UEFI firmware and the GRUB boot loader. Manjaro on the other hand does not support Secure Boot.
By the way, it is not necessary to enable legacy BIOS emulation (alias CSM, or “compatibility support module”) in the UEFI setup utility in order to install Manjaro. In fact, we recommend installing in native UEFI mode, and especially so if you’re going to be dual-booting with Microsoft Windows 10, which comes installed in UEFI mode by default.
Can you please explain more about this? Because I have no idea on how to do that.
Also, I forgot to mention that whenever I turn Secure Boot off and save settings, then go to BIOS Setup Utility (at least it’s called like this), Secure Boot is enabled.
My laptop uses Ryzen 5 4500U with Radeon Graphics
Neither have I, because I tend to avoid Microsoft-certified hardware.
You’ll have to go through the settings in your UEFI firmware setup utility in order to find the Microsoft authentication keys and then delete them. You can find information about that on the web ─ possibly even here at the forum, albeit that it may have been discussed at the old and now archived forum, which you can find here.
The old forum crashed and the database was corrupted, so we had to start all over again in August of 2020, but the old forum remains available as a read-only archive.
Yes, and that is because of those authentication keys. As long as they are stored in your computer’s firmware settings, you won’t be able to turn off Secure Boot.